SourceCodester Garage Management System createUser.php access control
Description
Garage Management System 1.0 allows unauthenticated remote creation of admin users via /php_action/createUser.php, leading to full compromise.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
SourceCodester Garage Management System 1.0 contains a critical improper access control vulnerability in the /php_action/createUser.php endpoint. The script does not verify the user's authentication or session before processing a POST request, allowing anyone to create a new user account without any prior authentication. The affected version is Garage Management System 1.0 [1].
Exploitation
An unauthenticated attacker can send a crafted HTTP POST request to /php_action/createUser.php with a multipart/form-data payload containing fields such as userName, upassword, and uemail. No session token or authentication header is required. The exploit has been publicly disclosed and includes a proof-of-concept demonstrating that an attacker can add a new user (e.g., 123@qq.com with password admin@123) and then log in with those credentials [1].
Impact
Successful exploitation grants the attacker a valid user account on the system, potentially with administrative privileges as the endpoint does not restrict the role of the created user. The attacker can then access the application's backend, manipulate data, and perform any action allowed to that user role, leading to complete compromise of the garage management system [1].
Mitigation
As of the publication date (2022-07-29), no official patch or fixed version has been released by the vendor. Users should restrict network access to the createUser.php endpoint, implement proper authentication and session checks, or consider disabling the endpoint if not required. The vendor's site provides the software source code [1], so manual code review and patching are advised.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =1.0
- Range: 1.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing authentication check in /php_action/createUser.php allows unauthenticated creation of new user accounts."
Attack vector
An attacker sends a POST request to /php_action/createUser.php with multipart form-data containing userName, upassword, and uemail fields [ref_id=1]. The server processes the request without verifying any session token, authentication header, or prior login state. Because no access control is enforced on this endpoint, any remote attacker who can reach the web server can create a new administrative user and then log in with the supplied credentials [ref_id=1].
Affected code
The vulnerable endpoint is `/php_action/createUser.php` [ref_id=1]. The file processes user registration data but lacks any authentication or session validation checks before creating a new user record in the database.
What the fix does
No patch is included in the bundle. The advisory [ref_id=1] identifies that the root cause is the absence of authentication and session management checks in createUser.php. To remediate, the application must verify that the requesting user has an active, authenticated session with appropriate administrative privileges before processing user creation. A session check (e.g., verifying $_SESSION variables) should be added at the top of createUser.php, and any request lacking a valid session should be rejected.
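The check described above, as an added example that is not the project's own code: a guard placed at the top of createUser.php that rejects any request lacking an authenticated administrative session before input is read or a query runs. The session keys (`userId`, `userRole`), the admin role value, the config include path, the `$pdo` connection and the users table columns are assumptions, since the original source is not shown on this page.

```php
<?php
// Added example (not the project's own code). Assumed: login stores
// $_SESSION['userId'] and $_SESSION['userRole'], an admin has role 'admin',
// and the config include below provides a PDO connection in $pdo.
session_start();
header('Content-Type: application/json');
require_once __DIR__ . '/../includes/config.php'; // assumed path, provides $pdo

function isAuthenticatedAdmin(array $session): bool
{
    // Both conditions must hold: a logged-in user exists in the session,
    // and that user carries the administrative role.
    return isset($session['userId'], $session['userRole'])
        && $session['userRole'] === 'admin';
}

// BEFORE (the vulnerable shape): execution went straight to reading
// $_POST['userName'], $_POST['upassword'], $_POST['uemail'] and inserting
// a row, so any client that could reach the URL could create an account.

// AFTER: refuse the request before any input is read or any query runs.
if (!isAuthenticatedAdmin($_SESSION)) {
    http_response_code(403);
    echo json_encode(['success' => false, 'messages' => 'Authentication required']);
    exit;
}

// Only an authenticated administrator reaches this point.
$userName = trim($_POST['userName'] ?? '');
$email    = trim($_POST['uemail'] ?? '');
$password = $_POST['upassword'] ?? '';
if ($userName === '' || $email === '' || $password === '') {
    http_response_code(400);
    echo json_encode(['success' => false, 'messages' => 'Missing fields']);
    exit;
}

// The role is decided server-side, never taken from the request body,
// so the endpoint can no longer be used to mint privileged accounts.
$role = 'user';
$passwordHash = password_hash($password, PASSWORD_DEFAULT);

// Prepared statement: the values never touch the SQL text.
$stmt = $pdo->prepare(
    'INSERT INTO users (username, email, password, role) VALUES (?, ?, ?, ?)'
);
$stmt->execute([$userName, $email, $passwordHash, $role]);
echo json_encode(['success' => true, 'messages' => 'User created']);
```

The same guard belongs on every other `php_action/*.php` script that changes state, since a check on createUser.php alone leaves sibling endpoints unprotected.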
Preconditions
- auth: No authentication or session token required
- network: Attacker must have network access to the web server
- input: Attacker sends a POST request with form fields userName, upassword, uemail
Reproduction
1. Send a POST request to `/php_action/createUser.php` with multipart/form-data containing `userName`, `upassword`, and `uemail` fields (e.g., `userName=123@qq.com`, `upassword=admin@123`, `uemail=123@qq.com`) [ref_id=1].
2. Navigate to `/users.php` to confirm the new user appears in the user list.
3. Log in with the created credentials (e.g., `123@qq.com` / `admin@123`) to gain authenticated access [ref_id=1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/ch0ing/vul/blob/main/WebRay.com.cn/Garage%20Management%20System--.md
- vuldb.com
News mentions
No linked articles in our index yet.